3768 matches found
CVE-2015-6373
CVE-2015-6373 affects Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices. Root cause: CSRF vulnerability due to lack of CSRF protection. Impact: remote attackers could hijack user authentication and perform unwanted actions. Exploitation details: described as unauthe...
CVE-2015-6372
Cross-site scripting XSS vulnerability in the web-based management interface in Cisco Firepower Extensible Operating System 1.11.160 on Firepower 9000 devices allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux10614...
CVE-2015-6373
Cross-site request forgery CSRF vulnerability in Cisco Firepower Extensible Operating System 1.11.160 on Firepower 9000 devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux10611...
Cisco Firepower 9000 Series Switch Clickjacking Vulnerability
A vulnerability in the web interface of the Cisco Firepower 9000 Series Switch could allow an unauthenticated, remote attacker to affect the integrity of the device though a clickjacking or phishing attack. The vulnerability is due to the lack of proper input sanitization of iFrame data in the HT...
Cisco Firepower 9000 Cross-Site Request Forgery Vulnerability
A vulnerability in the Cisco Firepower 9000 Series Switch which could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of cross-site request forgery CSRF protection. An attacker could exploit this vulnerability by tricking the user of a web...
Cisco Firepower 9000 Persistent Cross-Site Scripting Vulnerability
A vulnerability in the HTTP web-based management interface of Cisco Firepower 9000 devices could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the affected system. The vulnerability is due to insufficient input validation of a user-suppli...
Cisco Firepower 9000 Arbitrary File Read Access Script Vulnerability
A vulnerability in a user script supplied with Cisco Firepower 9000 devices could allow an authenticated, remote attacker to view any file on the device, even ones that should be restricted to authenticated users. The vulnerability is due to lack of input validation of the parameters passed to...
Cisco Firepower 9000 Command Injection at Management I/O Command-Line Interface Vulnerability
A vulnerability in the Management I/O MIO command-line interface CLI command execution of Cisco Firepower 9000 devices could allow an authenticated, local attacker to access the underlying operating system and execute commands at the root privilege level. The vulnerability is due to insufficient...
Cisco Firepower 9000 USB Kernel Denial of Service Vulnerability
A vulnerability in the USB driver of Cisco Firepower 9000 could allow an unauthenticated, local attacker with physical access to the device to send invalid USB commands to the kernel and cause a denial of service DoS condition. The vulnerability is due to insufficient sanitization of USB input...
Cisco Firepower 9000 Unauthenticated File Access Vulnerability
A vulnerability in the web interface of the Cisco Firepower 9000 Series Switches could allow an unauthenticated, remote attacker to view certain files on the device that should be restricted. The vulnerability is due to lack of proper authentication checks when a request to download and view a...
Cisco FirePOWER 7000 and 8000 Appliance Denial of Service Vulnerability
The Cisco FirePOWER 7000 and 8000 are Cisco's 7000 and 8000 series firewall appliances. The Cisco FirePOWER 7000 and 8000 appliances have a security vulnerability that allows remote attackers to send specially crafted packets for denial of service attacks...
CVE-2015-6307
Cisco FirePOWER formerly Sourcefire 7000 and 8000 devices with software 5.4.0.1 allow remote attackers to cause a denial of service inspection-engine outage via crafted packets, aka Bug ID CSCuu10871...
Code injection
Cisco FirePOWER formerly Sourcefire 7000 and 8000 devices with software 5.4.0.1 allow remote attackers to cause a denial of service inspection-engine outage via crafted packets, aka Bug ID CSCuu10871...
CVE-2015-6307
Cisco FirePOWER (formerly Sourcefire) 7000 and 8000 series devices running software 5.4.0.1 are affected by CVE-2015-6307. The vulnerability allows an unauthenticated, adjacent attacker to cause the inspection engine to stall or stop processing packets by sending crafted packets, potentially resu...
CVE-2015-6307
Cisco FirePOWER formerly Sourcefire 7000 and 8000 devices with software 5.4.0.1 allow remote attackers to cause a denial of service inspection-engine outage via crafted packets, aka Bug ID CSCuu10871...
Cisco FirePOWER 7000 and Cisco FirePOWER 8000 Series Inspection Engine Stall Vulnerability
A vulnerability in FireSIGHT System Software for Cisco FirePOWER 7000 Series and Cisco FirePOWER 8000 Series devices could allow an unauthenticated, adjacent attacker to cause the inspection engine to stop processing packets. Depending on the affected system configuration, this may cause traffic...
Cisco Firepower 9000 Series Device Information Disclosure Vulnerability
Cisco Firepower Extensible Operating System on Firepower 9000 device is a set of operating systems from Cisco that run on 9000 series firewall devices. A security vulnerability exists in the Cisco Firepower Extensible Operating System version 1.1 1.86 on the Cisco Firepower 9000 device, which...
CVE-2015-4287
Cisco Firepower Extensible Operating System 1.11.86 on Firepower 9000 devices allows remote attackers to bypass intended access restrictions and obtain sensitive device information by visiting an unspecified web page, aka Bug ID CSCuu82230...
Design/Logic Flaw
Cisco Firepower Extensible Operating System 1.11.86 on Firepower 9000 devices allows remote attackers to bypass intended access restrictions and obtain sensitive device information by visiting an unspecified web page, aka Bug ID CSCuu82230...
CVE-2015-4287
CVE-2015-4287 affects Cisco Firepower Extensible Operating System 1.1(1.86) on Firepower 9000 devices. The issue arises from improper authentication validation in the device’s web interface, allowing remote attackers to bypass access restrictions and obtain sensitive device information by visitin...